Cookie Policy
Last updated: 1 April 2026
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to website owners. Similar technologies — such as local storage and session storage — serve comparable purposes and are covered by this policy.
2. How FRASafe uses cookies
FRASafe uses a minimal set of cookies. We do not use advertising cookies, retargeting cookies, or cookies from social media platforms. The cookies and storage technologies we use fall into two categories:
Essential cookies
These are strictly necessary for the service to function. They cannot be disabled.
| Name / type | Provider | Purpose |
|---|---|---|
| Auth session token | Supabase | Keeps you logged in to your FRASafe account. Set on sign-in and cleared on sign-out. |
| CSRF token | Supabase | Protects against cross-site request forgery attacks. |
| Assessment state (localStorage) | FRASafe | Stores your in-progress assessment answers in your browser so you can return to where you left off, including when offline. |
Analytics cookies
We use PostHog to understand how visitors use FRASafe — which pages are visited, where users drop off, and how the product can be improved. PostHog sets cookies to distinguish unique visitors and sessions.
| Name / type | Provider | Purpose |
|---|---|---|
| ph_* (analytics) | PostHog | Identifies unique visitors and tracks session activity to help us improve the service. Session recordings are captured with all form inputs masked. Data is processed on PostHog's EU cloud (eu.i.posthog.com). |
3. Legal basis
Under the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR:
- Essential cookies are used on the basis of legitimate interests (and in the case of security cookies, legal obligation) — they are necessary to provide the service you have requested.
- Analytics cookies are used on the basis of legitimate interests. We use PostHog's EU-hosted infrastructure, apply IP anonymisation, and mask all personally identifiable inputs in session recordings to minimise privacy impact.
4. How to control cookies
You can control and delete cookies through your browser settings. Note that disabling essential cookies will prevent FRASafe from functioning correctly — you will not be able to log in or save assessment progress.
To opt out of PostHog analytics specifically, you can enable the Do Not Track setting in your browser. PostHog respects this signal and will not track your session.
For general browser-level cookie management, refer to your browser's help documentation:
5. Third-party services
FRASafe uses the following third-party services that may set their own cookies or use local storage:
- Supabase — authentication and data storage. See the Supabase Privacy Policy.
- PostHog — analytics and session recording. See the PostHog Privacy Policy.
- Stripe — payment processing (only active on checkout pages). See the Stripe Privacy Policy.
We do not use Google Analytics, Facebook Pixel, or any advertising network cookies.
6. Changes to this policy
We may update this cookie policy from time to time to reflect changes in the technologies we use or applicable law. The date at the top of this page reflects when it was last updated. Continued use of FRASafe after changes constitutes acceptance of the updated policy.
7. Contact
If you have questions about how we use cookies, contact us at hello@frasafe.co.uk or see our full Privacy Policy.